I’m pleased to announce that the latest episode of The Polyglot Developer Podcast titled, Mobile Application Security, has been published to iTunes, Pocket Casts, and every other major podcasting network that consumes the feed!
In this episode, which is the 24th episode of the show, I’m joined by first-time guest Rob Lauer and returning guest TJ VanToll. Both of these guests work for Progress, which is the company behind NativeScript, and you’ll remember that episode 5 was strictly around getting to know what NativeScript has to offer. The focus of this episode isn’t around NativeScript, but around the security of your mobile applications. Just like with web applications, security is important with mobile, even if it isn’t talked about as much.
In this episode you’ll learn about protecting your application source code from reverse engineering, protecting your users’ data at rest, and securely transferring your data between remote web services.
I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available to download from all the popular podcasting networks. In this episode titled, Authorizing Access with OAuth, I’m joined by Ryan Chenkie from Auth0 to talk about OAuth and how it can be used to authorize access to your data by third-party applications.
When it comes to API development, there is often a need to protect certain endpoints or rate-limit the API in general. Because you are working with endpoints from clients possibly on a different domain, you can’t authenticate users with sessions and cookies. It would also be a bad idea to pass around a username and password with each request. Typically endpoints are protected with tokens that are passed with each request and these tokens are often JSON Web Tokens (JWT) that work very well.
We’re going to see how to create a very simple API using Node.js with protected endpoints that require a valid JWT in order for requests to succeed.
When you have a website that transmits information from a user to your server, it is very important to encrypt it. The last thing you want is someone’s password being sniffed by a malicious user when they register or sign in. By using Secure Sockets Layer (SSL), data is encrypted between client and server, preventing any malicious users from sniffing your password in plain text.
The following will help you install an SSL certificate on one of your Apache web server virtual hosts.
If you’re using a LAMP (Linux, Apache, MySQL, PHP) stack, chances are you’re going to be using phpMyAdmin. By default, your phpMyAdmin installation is not very secure and chances are your MySQL database has a treasure trove of excellent information for a malicious user.
By following these steps, you can make it significantly tougher for your phpMyAdmin installation to be exploited.